> We published this -00 draft to document a possible process to perform key
> rollovers on a BGPSEC router certificate and discuss the use of rollovers as an
> alternative to beaconing.
I have a taxonomy suggestion to make. The method we currently have in the -01 version BGPSEC spec draft is really the Origin Signature Expire Time (OSET) method. We should try to move away from calling it the "beaconing" method. The reason is as follows.

We have been using the name "beacon" simply to refer to re-origination of a prefix. By this definition of "beacon", both the OSET method and the Router Re-keying (RR) method use "beaconing". In the OSET method, the re-origination is done well before the Origin Signature Expire Time is reached. The router does re-origination of prefixes in the Router Re-keying method too, except that it is done when a new cert (and key-pair) kicks in and well before the previous cert's expire time (i.e., NotValidAfter) is reached.

Each of the methods involves an expire time. The Router Re-keying method has an *implicit expire time*: the update would "expire" (i.e., become invalid) whenever the originating router's cert expires (and/or is revoked). The OSET method has an *explicit expire time* in the BGPSEC update.

Considering all of the above, I think the following taxonomy would be preferable: Origin Signature Expire Time (OSET) method (for what is in the current -01 spec draft), and Router Re-keying (RR) method (proposed new method).

Sriram

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
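The following Python is an added illustration of the two expiry behaviours contrasted in the message above; it is not code from the draft, from the BGPSEC spec, or from Sriram's post. It reduces a router certificate to NotValidAfter plus a revoked flag and an update to its signer plus an optional explicit Origin Signature Expire Time, then shows that an OSET update stops validating at its explicit expire time while an RR update stops validating only when the signing cert expires or is revoked. The certificate lifetimes, prefix, `margin` and `lifetime` values are constructed sample inputs, and the `reoriginate_*` helpers are a hypothetical model of the two re-origination events, not the draft's procedure.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class RouterCert:
    """BGPSEC router cert, reduced to the fields the two methods depend on (model)."""
    key_id: str
    not_valid_after: int       # NotValidAfter, as seconds since the epoch
    revoked: bool = False

    def valid_at(self, t: int) -> bool:
        return not self.revoked and t < self.not_valid_after


@dataclass(frozen=True)
class Update:
    """One signed origination of a prefix.  `oset` is the explicit Origin
    Signature Expire Time (OSET method); None means the update carries no
    explicit expire time and relies on the cert alone (RR method)."""
    prefix: str
    signer: RouterCert
    originated_at: int
    oset: Optional[int] = None


def update_valid_at(u: Update, t: int) -> bool:
    """Does the update still validate at time t, under either method?"""
    # Both methods: once the originating router's cert expires or is revoked
    # its signature no longer validates (the RR method's implicit expire time).
    if not u.signer.valid_at(t):
        return False
    # OSET method only: the explicit expire time carried in the update.
    if u.oset is not None and t >= u.oset:
        return False
    return True


def expire_time(u: Update) -> int:
    """Instant at which the update stops validating: the explicit OSET when
    present, bounded in either case by the signer's NotValidAfter."""
    if u.oset is None:
        return u.signer.not_valid_after
    return min(u.oset, u.signer.not_valid_after)


def reoriginate_by(u: Update, margin: int) -> int:
    """Latest time to re-originate so the replacement is in place 'well before'
    the current update expires.  `margin` is an assumed safety interval."""
    return expire_time(u) - margin


def reoriginate_oset(u: Update, now: int, lifetime: int) -> Update:
    """OSET method: re-sign under the same cert with a fresh expire time."""
    return replace(u, originated_at=now, oset=now + lifetime)


def reoriginate_rr(u: Update, new_cert: RouterCert, now: int) -> Update:
    """RR method: re-originate under the new cert while the old one is still
    valid, so there is no gap during which no valid update exists."""
    if not u.signer.valid_at(now):
        raise ValueError("previous cert already expired/revoked: validity gap")
    return replace(u, signer=new_cert, originated_at=now)


def revoke(cert: RouterCert) -> RouterCert:
    return replace(cert, revoked=True)


def timeline(u: Update, times: Iterable[int]) -> Dict[int, bool]:
    return {t: update_valid_at(u, t) for t in times}


# Constructed sample data (not from the draft).
CERT_A = RouterCert("key-A", not_valid_after=1_000_000)
CERT_B = RouterCert("key-B", not_valid_after=2_000_000)
OSET_UPDATE = Update("192.0.2.0/24", CERT_A, originated_at=0, oset=3_600)
RR_UPDATE = Update("192.0.2.0/24", CERT_A, originated_at=0)
REVOKED_UPDATE = Update("192.0.2.0/24", revoke(CERT_A), originated_at=0, oset=3_600)

if __name__ == "__main__":
    checkpoints = [0, 1_800, 3_600, 900_000, 1_000_000]
    print("OSET:", timeline(OSET_UPDATE, checkpoints))
    print("RR:  ", timeline(RR_UPDATE, checkpoints))
    print("OSET re-originate by:", reoriginate_by(OSET_UPDATE, 600))
    print("RR   re-originate by:", reoriginate_by(RR_UPDATE, 86_400))
```

Running the block prints the two timelines side by side: the OSET update turns invalid at 3600 although its cert is good for much longer, while the RR update stays valid until CERT_A's NotValidAfter at 1000000, and a revoked cert invalidates an update under either method.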
